Skip to content

Commit

Permalink
Merge pull request #202 from saschagrunert/disabled-cni
Browse files Browse the repository at this point in the history
Disable CNI configuration by default
  • Loading branch information
saschagrunert authored Nov 29, 2024
2 parents 2d307fb + f4e9679 commit 66ee6fb
Show file tree
Hide file tree
Showing 7 changed files with 24 additions and 8 deletions.
17 changes: 17 additions & 0 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -23,6 +23,7 @@ dedicated repository, following official Kubernetes guidelines by using the
- [Add the CRI-O repository](#add-the-cri-o-repository)
- [Install package dependencies from the official repositories](#install-package-dependencies-from-the-official-repositories)
- [Install the packages](#install-the-packages)
- [Configure a Container Network Interface (CNI) plugin](#configure-a-container-network-interface-cni-plugin)
- [Start CRI-O](#start-cri-o)
- [Bootstrap a cluster](#bootstrap-a-cluster)
- [Distributions using <code>deb</code> packages](#distributions-using-deb-packages)
Expand Down Expand Up @@ -174,6 +175,22 @@ dnf install -y container-selinux
dnf install -y cri-o kubelet kubeadm kubectl
```

#### Configure a Container Network Interface (CNI) plugin

CRI-O is capable of working with different [CNI plugins](https://github.com/containernetworking/cni),
which may require a custom configuration. The CRI-O package ships a default
[IPv4 and IPv6 (dual stack) configuration](templates/latest/cri-o/bundle/10-crio-bridge.conflist.disabled)
for the [`bridge`](https://www.cni.dev/plugins/current/main/bridge) plugin,
which is disabled by default. The configuration can be enabled by renaming the
disabled configuration file in `/etc/cni/net.d`:

```bash
mv /etc/cni/net.d/10-crio-bridge.conflist.disabled /etc/cni/net.d/10-crio-bridge.conflist
```

The bridge plugin is suitable for single-node clusters in CI and testing
environments. Different CNI plugins are recommended to use CRI-O in production.

#### Start CRI-O

```bash
Expand Down
2 changes: 1 addition & 1 deletion get
Original file line number Diff line number Diff line change
Expand Up @@ -211,7 +211,7 @@ ARCH=${ARCH:-amd64}

install $SELINUX -d -m 755 "$DESTDIR$CNIDIR"
install $SELINUX -D -m 755 -t "$DESTDIR$OPT_CNI_BIN_DIR" cni-plugins/*
install $SELINUX -D -m 644 -t "$DESTDIR$CNIDIR" contrib/10-crio-bridge.conflist
install $SELINUX -D -m 644 -t "$DESTDIR$CNIDIR" contrib/10-crio-bridge.conflist.disabled
install $SELINUX -d -m 755 "$DESTDIR$LIBEXEC_CRIO_DIR"
install $SELINUX -D -m 755 -t "$DESTDIR$LIBEXEC_CRIO_DIR" bin/conmon
install $SELINUX -D -m 755 -t "$DESTDIR$LIBEXEC_CRIO_DIR" bin/conmonrs
Expand Down
2 changes: 1 addition & 1 deletion scripts/bundle/build
Original file line number Diff line number Diff line change
Expand Up @@ -69,7 +69,7 @@ for FILE in "${FILES_ETC[@]}"; do
done

FILES_CONTRIB=(
"$TEMPLATES_DIR/10-crio-bridge.conflist"
"$TEMPLATES_DIR/10-crio-bridge.conflist.disabled"
"$TEMPLATES_DIR/crio.service"
"$TEMPLATES_DIR/policy.json"
"$TEMPLATES_DIR/registries.conf"
Expand Down
2 changes: 1 addition & 1 deletion templates/latest/cri-o/bundle/install
Original file line number Diff line number Diff line change
Expand Up @@ -43,7 +43,7 @@ ARCH=${ARCH:-amd64}

install $SELINUX -d -m 755 "$DESTDIR$CNIDIR"
install $SELINUX -D -m 755 -t "$DESTDIR$OPT_CNI_BIN_DIR" cni-plugins/*
install $SELINUX -D -m 644 -t "$DESTDIR$CNIDIR" contrib/10-crio-bridge.conflist
install $SELINUX -D -m 644 -t "$DESTDIR$CNIDIR" contrib/10-crio-bridge.conflist.disabled
install $SELINUX -d -m 755 "$DESTDIR$LIBEXEC_CRIO_DIR"
install $SELINUX -D -m 755 -t "$DESTDIR$LIBEXEC_CRIO_DIR" bin/conmon
install $SELINUX -D -m 755 -t "$DESTDIR$LIBEXEC_CRIO_DIR" bin/conmonrs
Expand Down
4 changes: 2 additions & 2 deletions templates/latest/cri-o/cri-o.spec
Original file line number Diff line number Diff line change
Expand Up @@ -81,7 +81,7 @@ install -dp %{buildroot}%{_datadir}/oci-umount/oci-umount.d
install -p -m 644 %{archive_root}/etc/crio-umount.conf %{buildroot}%{_datadir}/oci-umount/oci-umount.d/crio-umount.conf

install -dp %{buildroot}%{_sysconfdir}/cni/net.d
install -p -m 644 %{archive_root}/contrib/10-crio-bridge.conflist %{buildroot}%{_sysconfdir}/cni/net.d/10-crio-bridge.conflist
install -p -m 644 %{archive_root}/contrib/10-crio-bridge.conflist.disabled %{buildroot}%{_sysconfdir}/cni/net.d/10-crio-bridge.conflist.disabled

# Fix the prefix in crio.service
sed -i 's;/usr/local/bin;/usr/bin;g' %{archive_root}/contrib/crio.service
Expand Down Expand Up @@ -144,7 +144,7 @@ install -D -m 644 -t %{buildroot}%{_mandir}/man8 %{archive_root}/man/crio.8
%config(noreplace) %{_sysconfdir}/%{systemconfigdir}/crio
%dir %{_sysconfdir}/cni
%dir %{_sysconfdir}/cni/net.d
%config(noreplace) %{_sysconfdir}/cni/net.d/10-crio-bridge.conflist
%config(noreplace) %{_sysconfdir}/cni/net.d/10-crio-bridge.conflist.disabled
%{_unitdir}/crio.service
%dir %{_sysconfdir}/crio
%dir %{_sysconfdir}/crio/crio.conf.d
Expand Down
5 changes: 2 additions & 3 deletions test/scripts/test.sh
Original file line number Diff line number Diff line change
Expand Up @@ -7,9 +7,8 @@ set -euxo pipefail
# It is referenced from ../deb/Vagrantfile and ../rpm/Vagrantfile

# Disable IPv6 for CI
CNI_CONFIG=/etc/cni/net.d/10-crio-bridge.conflist
jq 'del(.plugins[0].ipam.routes[1], .plugins[0].ipam.ranges[1])' $CNI_CONFIG >tmp
mv tmp $CNI_CONFIG
CNI_CONFIG_PATH=/etc/cni/net.d
jq 'del(.plugins[0].ipam.routes[1], .plugins[0].ipam.ranges[1])' $CNI_CONFIG_PATH/10-crio-bridge.conflist.disabled >$CNI_CONFIG_PATH/10-crio-bridge.conflist

systemctl start crio

Expand Down

0 comments on commit 66ee6fb

Please sign in to comment.